Moving a privacyIDEA LXD container to a new LXD host

I have been running privacyIDEA (ver 3.7.4) in a LXD container for a while now, but I need to move the container to a new LXD host. Using LXD’s copy command, I copied the container to the new host, but I discovered that the tokens failed. Both servers are running ntp and syncing to the same ntp server. Anyone have any thoughts on what I might be missing?


You could also have problems with decryption if you have not copied the encryption key.
The encryption key is also used to encrypt and decrypt the password of the ldap resolver (just some information to check!)

See 16.12. Cryptographic considerations of privacyIDEA — privacyIDEA 3.8 documentation

Thank you for this.

I’m actually copying the entire container (lxc copy [container] [new_host]:[container]) so I would expect everything from the existing container to be in the container created on the new host. Even the name of the container on the new host is the same. The IP address of the new container should be the only thing that is different. Could that have an effect?

I figured out that a privacyidea policy had to be changed because it was using a client IP that was no longer correct (new container received a new IP on the new LXD host).

1 Like

You would see this in the audit log with the denied /validate/check requests.
Simply taking a look there!